AWS SOA真题 No.1-100

SOA

AWS Certified SysOps Administrator – Associate

AWS SOA真题 No.1-100

中英双语，人工翻译，带完整解析 AWS SOA真题 No.1-100

1 / 100

分类: SOA

1. 1. A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

一个用户创建了图像编辑软件并将其托管在EC2上。该软件接收用户关于照片格式和分辨率的请求，并向S3发送消息以根据这些请求增强图片。在这种情况下，以下提到的AWS服务中哪个将有助于利用AWS基础设施构建可扩展的软件？

A. A. AWS Elastic Transcoder
A. AWS 弹性转码器

B. B. AWS Simple Queue Service
B. AWS简单队列服务

C. C. AWS Simple Notification Service

C. AWS 简单通知服务

D. D. AWS Glacier

D. AWS Glacier

2 / 100

分类: SOA

2. 2. A user has created an EBS volume of 10 GB and attached it to a running instance. The user is trying to access EBS for first time. Which of the below mentioned options is the correct statement with respect to a first time EBS access?

2. 一位用户创建了一个10GB的EBS卷，并将其附加到一个正在运行的实例上。用户正在尝试第一次访问EBS。以下选项中，关于第一次EBS访问的正确陈述是什么？

A. A. The volume will be blank
A. 音量将为空

B. B. If the EBS is mounted it will ask the user to create a file system

B. 如果EBS已挂载，它将询问用户创建文件系统。

C. C. The volume will show a loss of the IOPS performance the first time
C. 此卷将在第一次使用时显示IOPS性能的损失。

D. D. The volume will show a size of 8 GB
D. 该卷的大小为8 GB

3 / 100

分类: SOA

3. 3. A user has recently started using EC2. The user launched one EC2 instance in the default subnet in EC2-VPC. Which of the below mentioned options is not attached or available with the EC2 instance when it is launched?

3. 一位用户最近开始使用 EC2。该用户在 EC2-VPC 的默认子网中启动了一个 EC2 实例。以下提到的选项中，哪个在启动时没有附加或可用与该 EC2 实例？

A. A. Public IP address
A. 公共IP地址

B. B. Internet gateway

B. 互联网网关

C. C. Elastic IP

C. 弹性IP

D. D. Private IP address
D. 私有IP地址

4 / 100

分类: SOA

4. 4. A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25. The user is trying to create the private subnet with CIDR 20.0.0.128/25. Which of the below mentioned statements is true in this scenario?

4. 用户创建了一个CIDR为20.0.0.0/24的VPC。用户创建了一个CIDR为20.0.0.0/25的公共子网。用户正在尝试创建CIDR为20.0.0.128/25的私有子网。在这种情况下，以下哪个陈述是正确的？

A. A. This statement is wrong as AWS does not allow CIDR 20.0.0.0/25

A. 该声明是错误的，因为AWS不允许CIDR 20.0.0.0/25。

B. B. It will allow the user to create a private subnet with CIDR as 20.0.0.128/25
B. 这将允许用户创建一个CIDR为20.0.0.128/25的私有子网。

C. C. It will not allow the user to create a private subnet due to a wrong CIDR range
C. 由于CIDR范围错误，它将不允许用户创建私有子网。

D. D. It will not allow the user to create the private subnet due to a CIDR overlap
D. 由于CIDR重叠，它将不允许用户创建私有子网。

5 / 100

分类: SOA

5. 5. A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP) assigned to an instance in the public or private subnet?
5. 用户创建了一个CIDR为20.0.0.0/24的VPC。
用户创建了一个CIDR为20.0.0.0/25的公共子网和一个CIDR为20.0.0.128/25的私有子网。
用户在公共子网和私有子网中各启动了一个实例。
以下提到的选项中，哪一个不能是分配给公共或私有子网中实例的正确IP地址（私有IP）？

A. A. 20.0.0.255
翻译结果

A. 20.0.0.255

B. B. 20.0.0.122
B. 20.0.0.122

C. C. 20.0.0.132
C. 20.0.0.132

D. D. 20.0.0.55
D. 20.0.0.55

6 / 100

分类: SOA

6. 6. George has launched three EC2 instances inside the US-East-1a zone with his AWS account. Ray has launched two EC2 instances in the US-East-1a zone with his AWS account. Which of the below mentioned statements will help George and Ray understand the availability zone (AZ) concept better?

6. 乔治在他的 AWS 账户中已在 US-East-1a 区域启动了三个 EC2 实例。雷在他的 AWS 账户中已在 US-East-1a 区域启动了两个 EC2 实例。以下哪些陈述将帮助乔治和雷更好地理解可用区（AZ）概念？

A. A. The US-East-1a region of George and Ray can be different availability zones

A. George 和 Ray 的 US-East-1a 区域可以是不同的可用区。

B. B. The instances of George and Ray will be running in the same data centre

B. 乔治和雷的实例将运行在同一个数据中心

C. C. All the instances of George and Ray can communicate over a private IP without any cost
C. 所有的乔治和雷的实例可以在私有IP上免费通信

D. D. All the instances of George and Ray can communicate over a private IP with a minimal cost

D. 所有乔治和雷的实例都可以通过私有IP以最低的成本进行通信。

7 / 100

分类: SOA

7. 7. A user is launching an EC2 instance in the US East region. Which of the below mentioned options is recommended by AWS with respect to the selection of the availability zone?

7. 用户正在美国东部地区启动一个EC2实例。以下提到的哪些选项是AWS在选择可用区时推荐的？

A. A. Always select the US-East-1-a zone for HA

A. 始终选择 US-East-1-a 区域以实现高可用性

B. B. The user can never select the availability zone while launching an instance

B. 用户在启动实例时永远无法选择可用区

C. C. Do not select the AZ; instead let AWS select the AZ

C. 请不要选择可用区（AZ）；而是让AWS来选择可用区（AZ）

D. D. Always select the AZ while launching an instance
D. 在启动实例时，始终选择可用区。

8 / 100

分类: SOA

8. 8. A user has created a public subnet with VPC and launched an EC2 instance within it. The user is trying to delete the subnet. What will happen in this scenario?

8. 用户创建了一个公共子网与VPC，并在其内部启动了一个EC2实例。用户正试图删除该子网。在这种情况下会发生什么？

A. A. It will delete the subnet and make the EC2 instance as a part of the default subnet
A. 将删除子网，并将EC2实例作为默认子网的一部分。

B. B. It will not allow the user to delete the subnet until the instances are terminated
B. 用户在实例终止之前将无法删除子网。

C. C. The subnet can never be deleted independently, but the user has to delete the VPC first
C. 子网不能独立删除，用户必须首先删除VPC。

D. D. It will delete the subnet as well as terminate the instances
D. 它将删除子网并终止实例。

9 / 100

分类: SOA

9. 9. A user has enabled the Multi AZ feature with the MS SQL RDS database server. Which of the below mentioned statements will help the user understand the Multi AZ feature better?

9. 用户已在 MS SQL RDS 数据库服务器上启用了 Multi AZ 功能。以下哪项陈述可以帮助用户更好地理解 Multi AZ 功能？

A. A. In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy

A. 在多可用区（Multi AZ）中，AWS同时运行两个数据库，并将数据同步复制到副本。

B. B. AWS MS SQL does not support the Multi AZ feature
B. AWS MS SQL 不支持 Multi AZ 功能

C. C. In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica
C. 在多可用区中，AWS只运行一个数据库，但将数据同步复制到备用副本。

D. D. In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy
D. 在多个可用区（Multi AZ）中，AWS并行运行两个数据库，并将数据异步复制到副本。

10 / 100

分类: SOA

10. 10. A user has created a queue named “myqueue” with SQS. There are four messages published to queue which are not received by the consumer yet. If the user tries to delete the queue, what will happen?

10. 用户创建了一个名为“myqueue”的队列，使用了SQS。队列中已经发布了四条消息，但消费者尚未接收。如果用户尝试删除该队列，会发生什么？

A. A. It will delete the queue

A. 它将删除队列

B. B. A user can never delete a queue manually. AWS deletes it after 30 days of inactivity on queue
B. 用户永远无法手动删除队列。
在队列30天不活动后，AWS会自动删除它。

C. C. It will ask user to delete the messages first

C. 它将要求用户先删除消息

D. D. It will initiate the delete but wait for four days before deleting until all messages are deleted automatically.
D. 这将启动删除，但在删除之前会等待四天，直到所有消息自动删除。

11 / 100

分类: SOA

11. 11. A user is trying to create a PIOPS EBS volume with 3 GB size and 90 IOPS. Will AWS create the volume?

11. 一个用户正在尝试创建一个大小为3 GB且具有90 IOPS的PIOPS EBS卷。AWS会创建这个卷吗？

A. A. Yes, since the ratio between EBS and IOPS is less than 30
A. 是的，因为EBS与IOPS之间的比例小于30

B. B. Yes, since PIOPS is higher than 100
B. 是的，因为PIOPS高于100

C. C. No, since the PIOPS and EBS size ratio is less than 30
C. 不，因为PIOPS和EBS大小的比率小于30。

D. D. No, the EBS size is less than 4GB

D. 不，EBS大小小于4GB

12 / 100

分类: SOA

12. 12. A user has created a VPC with CIDR 20.0.0.0/16 using the wizard. The user has created a public subnet CIDR (20.0.0.0/24) and VPN only subnets CIDR (20.0.1.0/24) along with the VPN gateway (vgw-12345) to connect to the user’s data centre. The user’s data centre has CIDR 172.28.0.0/12. The user has also setup a NAT instance (i-123456) to allow traffic to the internet from the VPN subnet. Which of the below mentioned options is not a valid entry for the main route table in this scenario?

12. 用户使用向导创建了一个 CIDR 为 20.0.0.0/16 的 VPC。用户创建了一个公有子网 CIDR（20.0.0.0/24）和仅限 VPN 的子网 CIDR（20.0.1.0/24），以及 VPN 网关（vgw-12345）以连接到用户的数据中心。用户的数据中心的 CIDR 为 172.28.0.0/12。用户还设置了一个 NAT 实例（i-123456），以允许 VPN 子网的流量访问互联网。在这种情况下，下面提到的选项中哪个不是主路由表的有效条目？

A. A. Destination: 172.28.0.0/12 and Target: vgw-12345
A. 目的地：172.28.0.0/12
目标：vgw-12345

B. B. Destination: 0.0.0.0/0 and Target: i-12345
B. 目标：0.0.0.0/0
和目标：i-12345

C. C. Destination: 20.0.0.0/16 and Target: local

C. 目的地：20.0.0.0/16 和目标：本地

D. D. Destination: 20.0.1.0/24 and Target: i-12345

D. 目的地：20.0.1.0/24 和目标：i-12345

正确答案: D
The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. When the user has configured this setup with Wizard, it will create a virtual private gateway to route all traffic of the VPN subnet. If the user has setup a NAT instance to route all the internet requests then all requests to the internet should be routed to it. All requests to the organization’s DC will be routed to the VPN gateway. Here are the valid entries for the main route table in this scenario:,Destination: 0.0.0.0/0 & Target: i-12345 (To route all internet traffic to the NAT Instance),Destination: 172.28.0.0/12 & Target: vgw-12345 (To route all the organization’s data centre traffic to the VPN gateway),Destination: 20.0.0.0/16 & Target: local (To allow local routing in VPC),Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario3.html

正确答案: D

用户可以根据需要在 VPC 中创建子网。如果用户希望从自己的数据中心连接 VPC，他可以设置一个公共和 VPN 仅限子网，该子网使用硬件 VPN 访问与数据中心连接。当用户使用向导配置此设置时，它将创建一个虚拟私人网关以路由所有 VPN 子网的流量。如果用户设置了 NAT 实例来路由所有互联网请求，则所有对互联网的请求应路由到它。对组织数据中心的所有请求将被路由到 VPN 网关。

在这种情况下，主路由表的有效条目如下：

目标: 0.0.0.0/0 & 目标: i-12345 (将所有互联网流量路由到 NAT 实例)
目标: 172.28.0.0/12 & 目标: vgw-12345 (将所有组织的数据中心流量路由到 VPN 网关)
目标: 20.0.0.0/16 & 目标: local (允许在 VPC 中进行本地路由)

参考: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario3.html

13 / 100

分类: SOA

13. 13. A user has a weighing plant. The user measures the weight of some goods every 5 minutes and sends data to AWS CloudWatch for monitoring and tracking. Which of the below mentioned parameters is mandatory for the user to include in the request list?

13. 用户拥有一个称重装置。用户每5分钟测量一次一些货物的重量，并将数据发送到AWS CloudWatch进行监控和追踪。以下提到的参数中，哪个是用户必须在请求列表中包含的？

A. A. Timezone
A. 时区

B. B. Value

B. 价值

C. C. Metric Name

C. 指标名称

D. D. Namespace

D. 命名空间

14 / 100

分类: SOA

14. 14. A user wants to capture errors that occur in the AWS MySQL RDS DB. Which of the below mentioned activities may help the user to get the data easily?

14. 一位用户希望捕获在AWS MySQL RDS数据库中发生的错误。以下哪些活动可能帮助用户更轻松地获取数据？

A. A. Direct the error log to a DB table and then query that table
A. 将错误日志导入数据库表中，然后查询该表。

B. B. Download the log file to DynamoDB and search for records
B. 将日志文件下载到DynamoDB并搜索记录

C. C. Find all the transaction logs and query on those records

C. 查找所有交易日志并查询这些记录

D. D. It is not possible to get the log files for MySQL RDS

D. 无法获取 MySQL RDS 的日志文件

15 / 100

分类: SOA

15. 15. An organization has configured Auto Scaling for hosting their application. The system admin wants to understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an instance and terminates the unhealthy instance. What is the order execution?

一个组织已经为托管他们的应用程序配置了自动扩展（Auto Scaling）。系统管理员希望了解自动扩展健康检查的过程。如果实例不健康，自动扩展将启动一个实例并终止不健康的实例。执行顺序是什么？

A. A. Auto Scaling launches and terminates the instances simultaneously
A. 自动伸缩同时启动和终止实例

B. B. Auto Scaling performs the launch and terminate processes in a random order
B. 自动扩展以随机顺序执行启动和终止过程。

C. C. Auto Scaling terminates the instance first and then launches a new instance
C. 自动伸缩首先终止实例，然后启动新的实例

D. D. Auto Scaling launches a new instance first and then terminates the unhealthy instance
D. 自动扩展首先启动一个新实例，然后终止不健康的实例

16 / 100

分类: SOA

16. 16. The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
16. 一家公司的首席财务官希望允许他的一个员工仅查看 AWS 使用报告页面。以下哪个 IAM 策略语句允许该用户访问 AWS 使用报告页面？

A. A. “Effect”: “Allow”, “Action”: [“aws-portal:ViewUsage”], “Resource”: “*”
A. “效果”: “允许”, “动作”: [“aws-portal:查看使用情况”], “资源”: “*”

B. B. “Effect”: “Allow”, “Action”: [“AccountUsage], “Resource”: “*”
B. “效果”: “允许”, “动作”: [“账户使用”], “资源”: “*”

C. C. “Effect”: “Allow”, “Action”: [“aws-portal: ViewBilling”], “Resource”: “*”
C. “效果”: “允许”, “操作”: [“aws-portal: 查看账单”], “资源”: “*”

D. D. “Effect”: “Allow”, “Action”: [“Describe”], “Resource”: “Billing”
D. “效果”: “允许”， “动作”: [“描述”]， “资源”: “计费”

正确答案: A
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the CFO wants to allow only AWS usage report page access, the policy for that IAM user will be as given below:,{,“Version”: “2012-10-17”,,“Statement”: [,{,“Effect”: “Allow”,,“Action”: [,“aws-portal:ViewUsage”,],,“Resource”: “*”,},],},Reference: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

正确答案: A

AWS 身份与访问管理是一项网络服务，允许组织管理用户及其对各种 AWS 服务的权限。如果首席财务官想只允许访问 AWS 使用报告页面，该 IAM 用户的策略如下所示：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-portal:ViewUsage"
            ],
            "Resource": "*"
        }
    ]
}

参考: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-permissions-ref.html

17 / 100

分类: SOA

17. 17. An organization has configured the custom metric upload with CloudWatch. The organization has given permission to its employees to upload data using CLI as well SDK. How can the user track the calls made to CloudWatch?

17. 一个组织已使用 CloudWatch 配置了自定义指标上传。该组织已授权其员工通过 CLI 和 SDK 上传数据。用户如何跟踪调用 CloudWatch 的请求？

A. A. Enable detailed monitoring with CloudWatch

A. 启用与CloudWatch的详细监控

B. B. The user can enable logging with CloudWatch which logs all the activities

B. 用户可以启用与 CloudWatch 的日志记录，它会记录所有的活动。

C. C. Create an IAM user and allow each user to log the data using the S3 bucket
C. 创建一个IAM用户，并允许每个用户使用S3桶记录数据

D. D. Use CloudTrail to monitor the API calls
D. 使用CloudTrail监控API调用

18 / 100

分类: SOA

18. 18. A user is checking the CloudWatch metrics from the AWS console. The user notices that the CloudWatch data is coming in UTC. The user wants to convert the data to a local time zone. How can the user perform this?

18. 一名用户正在通过 AWS 控制台查看 CloudWatch 指标。

用户注意到 CloudWatch 数据以 UTC 时间格式显示。

用户希望将这些数据转换为本地时区。

用户该如何执行这一操作？

A. A. The CloudWatch data is always in UTC; the user has to manually convert the data

A. CloudWatch 数据始终采用 UTC 时间；用户必须手动转换数据。

B. B. In the CloudWatch dashboard the user should set the local timezone so that CloudWatch shows the data only in the local time zone

B. 在CloudWatch仪表板中，用户应设置本地时区，以便CloudWatch仅以本地时区显示数据。

C. C. The user should have send the local timezone while uploading the data so that CloudWatch will show the data only in the local timezone
C. 用户在上传数据时应发送本地时区，以便CloudWatch仅显示本地时区的数据。

D. D. In the CloudWatch console select the local timezone under the Time Range tab to view the data as per the local timezone
D. 在CloudWatch控制台中，在时间范围选项卡下选择本地时区，以便按本地时区查看数据。

19 / 100

分类: SOA

19. 19. A user is trying to create a PIOPS EBS volume with 4000 IOPS and 100 GB size. AWS does not allow the user to create this volume. What is the possible root cause for this?

19. 一位用户试图创建一个具有4000 IOPS和100 GB大小的PIOPS EBS卷。AWS不允许该用户创建此卷。造成这种情况的可能根本原因是什么？

A. A. The ratio between IOPS and the EBS volume is lower than 50
A. IOPS与EBS卷之间的比例低于50

B. B. The ratio between IOPS and the EBS volume is higher than 30

B. IOPS与EBS卷的比率高于30

C. C. PIOPS is supported for EBS higher than 500 GB size
C. PIOPS 支持大于 500 GB 的 EBS

D. D. The maximum IOPS supported by EBS is 3000

D. EBS支持的最大IOPS为3000

20 / 100

分类: SOA

20. 20. An organization has created one IAM user and applied the below mentioned policy to the user. What entitlements do the IAM users avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:Describe*”,
“Resource”: “*”
},
{
“Effect”: “Allow”
“Action”: [
“cloudwatch:ListMetrics”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:Describe*”
],
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: “autoscaling:Describe*”,
“Resource”: “*”
}
]
}

20. 一家组织创建了一个 IAM 用户，并对该用户应用了以下提到的策略。此策略下 IAM 用户拥有哪些权限？

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:Describe*”,
“Resource”: “*”
},
{
“Effect”: “Allow”
“Action”: [
“cloudwatch:ListMetrics”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:Describe*”
],
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: “autoscaling:Describe*”,
“Resource”: “*”
}
]
}

A. A. The policy will allow the user to perform all read only activities on the EC2 services except load balancing

A. 该政策将允许用户在EC2服务上执行所有只读活动，除了负载均衡。

B. B. The policy will allow the user to perform all read only activities on the EC2 services

B. 该政策将允许用户在EC2服务上执行所有只读活动。

C. C. The policy will allow the user to list all the EC2 resources except EBS

C. 该政策将允许用户列出所有的EC2资源，除了EBS。

D. D. The policy will allow the user to perform all read and write activities on the EC2 services

D. 该政策将允许用户对EC2服务执行所有读写活动。

正确答案: A
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If an organization wants to setup read only access to EC2 for a particular user, they should mention the action in the IAM policy which entitles the user for Describe rights for EC2, CloudWatch, Auto Scaling and ELB. In the policy shown below, the user will have read only access for EC2 and EBS, CloudWatch and Auto Scaling. Since ELB is not mentioned as a part of the list, the user will not have access to ELB.,{,“Version”: “2012-10-17”,,“Statement”: [,{,“Effect”: “Allow”,,“Action”: “ec2:Describe*”,,“Resource”: “*”,},,{,“Effect”: “Allow”,,“Action”: [,“cloudwatch:ListMetrics”,,“cloudwatch:GetMetricStatistics”,,“cloudwatch:Describe*”,],,“Resource”: “*”,},,{,“Effect”: “Allow”,,“Action”: “autoscaling:Describe*”,,“Resource”: “*”,},],},Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

正确答案: A

AWS身份与访问管理是一项网络服务，允许组织管理用户及其在各种AWS服务中的权限。如果一个组织希望为特定用户设置对EC2的只读访问权限，他们应在IAM策略中指定该操作，以授予用户对EC2、CloudWatch、自动扩展和ELB的描述权限。在下面显示的政策中，用户将对EC2和EBS、CloudWatch和自动扩展具有只读访问权限。由于ELB未被列为部分，用户将无法访问ELB。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}

参考: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

21 / 100

分类: SOA

21. 21. An organization has applied the below mentioned policy on an IAM group which has selected the IAM users. What entitlements do the IAM users avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}

21. 一家组织已在一个选择了IAM用户的IAM组上应用了以下政策。IAM用户在此政策下拥有哪些权限？

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “*”,
“Resource”: “*”
}
]
}

A. A. The policy is not created correctly. It will throw an error for wrong resource name
A. 政策未正确创建。它将因资源名称错误而抛出错误。

B. B. The policy is for the group. Thus, the IAM user cannot have any entitlement to this

B. 该政策是针对该组的。因此，IAM用户无法对此拥有任何权利。

C. C. It allows full access to all AWS services for the IAM users who are a part of this group

C. 这允许该组中的IAM用户对所有AWS服务全面访问。

D. D. If this policy is applied to the EC2 resource, the users of the group will have full access to the EC2 resources

D. 如果该策略应用于EC2资源，则该组的用户将获得对EC2资源的完全访问权限。

正确答案: C
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access (Admin) to all AWS services.,{,“Version”: “2012-10-17”,,“Statement”: [,{,“Effect”: “Allow”,,“Action”: “*”,,“Resource”: “*”,},],},Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

正确答案: C

AWS身份与访问管理是一项网络服务，允许组织管理用户及其对各种AWS服务的权限。IAM组允许组织为一组用户指定权限。根据下面提到的策略，该组将被允许对所有AWS服务拥有完全访问权限（管理员）。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}

参考: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

22 / 100

分类: SOA

22. 22. A user has created a VPC with public and private subnets using the VPC wizard. Which of the below mentioned statements is true in this scenario?

22. 用户使用VPC向导创建了一个包含公共子网和私有子网的VPC。在这种情况下，以下陈述中哪个是正确的？

A. A. VPC bounds the main route table with a public subnet and a custom route table with a private subnet

A. VPC 绑定了一个带有公共子网的主路由表和一个带有私有子网的自定义路由表

B. B. The user has to manually create a NAT instance

B. 用户必须手动创建一个NAT实例

C. C. The AWS VPC will automatically create a NAT instance with the micro size
C. AWS VPC将自动创建一个微型大小的NAT实例

D. D. VPC bounds the main route table with a private subnet and a custom route table with a public subnet
D. VPC 将主路由表与私有子网绑定，并将自定义路由表与公共子网绑定。

23 / 100

分类: SOA

23. 23. A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?

23. 用户已经配置了带有 SSL 的 ELB，并使用安全策略在客户端和负载均衡器之间进行安全协商。以下提到的哪个 SSL 协议不受该安全政策支持？

A. A. SSL 3.0

A. SSL 3.0

B. B. TLS 1.2

B. TLS 1.2

C. C. SSL 2.0

C. SSL 2.0

D. D. TLS 1.3

D. TLS 1.3

24 / 100

分类: SOA

24. 24. A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over SSL?

24. 用户配置了带 SSL 的 ELB，使用安全策略以实现客户端与负载均衡器之间的安全协商。ELB 安全策略支持多种密码套件。以下哪个选项帮助识别客户端请求 ELB DNS 通过 SSL 时与 ELB 密码列表匹配的密码套件？

A. A. Cipher Protocol
A. 加密协议

B. B. Load Balancer Preference
B. 负载均衡器偏好

C. C. Client Configuration Preference
C. 客户端配置首选项

D. D. Server Order Preference
D. 服务器订单偏好

25 / 100

分类: SOA

25. 25. A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?

25. 一名存储管理员希望使用服务器端加密对存储在 S3 中的所有对象进行加密。用户不想使用 S3 提供的 AES 256 加密密钥。用户如何实现这一点？

A. A. The admin should send the keys and encryption algorithm with each API call

A. 管理员应在每次API调用时发送密钥和加密算法

B. B. S3 does not support client supplied encryption keys for server side encryption
B. S3不支持客户提供的用于服务器端加密的加密密钥。

C. C. The admin should use CLI or API to upload the encryption key to the S3 bucket. When making a call to the S3 API mention the encryption key URL in each request
C. 管理员应使用CLI或API将加密密钥上传到S3桶。在调用S3 API时，在每个请求中提及加密密钥URL。

D. D. The admin should upload his secret key to the AWS console and let S3 decrypt the objects

D. 管理员应该将他的密钥上传到AWS控制台，并让S3解密对象。

26 / 100

分类: SOA

26. 26. A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

26. 用户创建了一个带有自动伸缩的负载均衡器（ELB）。以下哪个ELB提供的服务可以帮助用户在EC2实例被注销时，停止从负载均衡器向该实例发送新的请求流量，同时继续处理已在飞行中的请求？

A. A. ELB auto registration Off
A. ELB自动注册关闭

B. B. ELB deregistration check
B. ELB 取消注册检查

C. C. ELB sticky session

C. ELB 粘性会话

D. D. ELB connection draining
D. ELB 连接排空

27 / 100

分类: SOA

27. 27. A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services does not provide detailed monitoring with CloudWatch?

27. 一个用户正在尝试理解详细的CloudWatch监控概念。以下提到的服务中，哪个不提供与CloudWatch的详细监控？

A. A. AWS EMR

A. AWS EMR

B. B. AWS RDS

B. AWS RDS

C. C. AWS Route53

C. AWS Route53

D. D. AWS ELB

D. AWS ELB

28 / 100

分类: SOA

28. 28. A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?

28. 用户创建了一个CIDR为20.0.0.0/16的VPC。用户在该VPC中创建了一个CIDR为20.0.0.0/16的子网。用户试图在同一VPC中为CIDR 20.0.0.1/24创建另一个子网。在这种情况下会发生什么？

A. A. It is not possible to create a subnet with the same CIDR as VPC

A. 不可能创建与 VPC 相同 CIDR 的子网

B. B. The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range
B. VPC将自动修改第一个子网的CIDR，以允许第二个子网的IP范围

C. C. It will throw a CIDR overlaps error

C. 它将抛出一个CIDR重叠错误

D. D. The second subnet will be created
D. 第二个子网将被创建

29 / 100

分类: SOA

29. 29. An organization wants to move to Cloud. They are looking for a secure encrypted database storage option. Which of the below mentioned AWS functionalities helps them to achieve this?

29. 一个组织想要迁移到云端。他们在寻找一个安全加密的数据库存储选项。以下哪些提到的AWS功能可以帮助他们实现这一目标？

A. A. AWS MFA with EBS

A. AWS MFA与EBS

B. B. Multi-tier encryption with Redshift

B. 多级加密与Redshift

C. C. AWS S3 server side storage

C. AWS S3 服务器端存储

D. D. AWS EBS encryption

D. AWS EBS 加密

30 / 100

分类: SOA

30. 30. A user has launched an EC2 instance from an instance store backed AMI. The infrastructure team wants to create an AMI from the running instance. Which of the below mentioned credentials is not required while creating the AMI?
30. 用户已从实例存储支持的AMI启动了一个EC2实例。基础设施团队希望从运行中的实例创建一个AMI。在创建AMI时，以下提到的凭证中哪一个是不需要的？

A. A. AWS login ID to login to the console
A. AWS 登录 ID 用于登录控制台

B. B. AWS account ID

B. AWS 账户 ID

C. C. Access key and secret access key
C. 访问密钥和秘密访问密钥

D. D. X.509 certificate and private key
D. X.509证书和私钥

31 / 100

分类: SOA

31. 31. A user has created a VPC with two subnets: one public and one private. The user is planning to run the patch update for the instances in the private subnet. How can the instances in the private subnet connect to the internet?

31. 用户创建了一个拥有两个子网的虚拟私有云（VPC）：一个公共子网和一个私有子网。用户计划对私有子网中的实例进行补丁更新。私有子网中的实例如何能连接到互联网？

A. A. The private subnet can never connect to the internet
A. 私有子网永远无法连接到互联网

B. B. Use the internet gateway with a private IP
B. 使用带有私有IP的互联网网关

C. C. Allow outbound traffic in the security group for port 80 to allow internet updates
C. 允许安全组中端口80的出站流量，以便进行互联网更新。

D. D. Use NAT with an elastic IP
D. 使用 NAT 和弹性 IP

32 / 100

分类: SOA

32. 32. A user is trying to understand the detailed CloudWatch monitoring concept. Which of the below mentioned services provides detailed monitoring with CloudWatch without charging the user extra?

32. 一位用户正在尝试理解详细的CloudWatch监控概念。以下提到的哪些服务提供与CloudWatch的详细监控，而无需向用户额外收费？

A. A. AWS Route 53
A. AWS Route 53

B. B. AWS Auto Scaling

B. AWS 自动弹性伸缩

C. C. AWS EMR

C. AWS EMR

D. D. AWS SNS

D. AWS SNS

33 / 100

分类: SOA

33. 33. A sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?

33. 一名系统管理员在ELB上启用了日志记录。下面提到的哪些字段将不会成为日志文件名的一部分？

A. A. Load Balancer IP

A. 负载均衡器 IP

B. B. S3 bucket name
B. S3 存储桶名称

C. C. Random string
C. 随机字符串

D. D. EC2 instance IP
D. EC2 实例 IP

34 / 100

分类: SOA

34. 34. A user has setup a web application on EC2. The user is generating a log of the application performance at every second. There are multiple entries for each second. If the user wants to send that data to CloudWatch every minute, what should he do?

34. 用户在 EC2 上设置了一个 web 应用程序。该用户正在每秒生成应用程序性能的日志。每秒都有多个条目。如果用户想要每分钟将这些数据发送到 CloudWatch，他应该怎么做？

A. A. It is not possible to send the custom metric to CloudWatch every minute

A. 每分钟将自定义指标发送到CloudWatch是不可能的

B. B. The user should send only the data of the 60th second as CloudWatch will map the receive data timezone with the sent data timezone
B. 用户应仅发送第60秒的数据，因为CloudWatch将把接收的数据时区与发送的数据时区进行映射。

C. C. Calculate the average of one minute and send the data to CloudWatch
C. 计算一分钟的平均值并将数据发送到CloudWatch

D. D. Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute
D. 每分钟给予CloudWatch最小值、最大值、总和和样本数量

35 / 100

分类: SOA

35. 35. A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

35. 用户在 EC2 实例上托管了一个应用程序。EC2 实例配置了 ELB 和自动扩展。应用服务器的会话超时时间为 2 小时。用户希望配置连接排空，以确保即使实例被注销，所有正在处理的请求仍然由 ELB 支持。用户应该为连接排空指定多长时间的超时期？

A. A. 2 hours
A. 2小时

B. B. 1 hour
B. 1 小时

C. C. 30 minutes
C. 30分钟

D. D. 5 minutes
D. 5分钟

36 / 100

分类: SOA

36. 36. A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

36. 用户在VPC中创建了一个子网，并在该子网上以默认设置启动了一个EC2实例。以下哪个选项在EC2实例启动后即可使用？

A. A. Internet gateway
A. 互联网网关

B. B. Elastic IP

B. 弹性IP

C. C. Private IP
C. 私有IP

D. D. Public IP

D. 公共IP

37 / 100

分类: SOA

37. 37. A user is running a batch process on EBS backed EC2 instances. The batch process starts a few instances to process hadoop Map reduce jobs which can run between 50 – 600 minutes or sometimes for more time. The user wants to configure that the instance gets terminated only when the process is completed. How can the user configure this with CloudWatch?

37. 一位用户在基于EBS的EC2实例上运行批处理流程。该批处理流程启动几个实例以处理Hadoop MapReduce作业，这些作业的运行时间通常为50到600分钟，有时甚至更长。用户希望配置实例仅在处理完成后被终止。用户如何通过CloudWatch进行配置？

A. A. Setup a job which terminates all instances after 600 minutes

A. 设置一个在600分钟后终止所有实例的任务

B. B. Setup the CloudWatch action to terminate the instance when the CPU utilization is less than 5%
B. 设置CloudWatch操作以在CPU利用率低于5%时终止实例。

C. C. It is not possible to terminate instances automatically
C. 无法自动终止实例

D. D. Setup the CloudWatch with Auto Scaling to terminate all the instances
D. 设置CloudWatch与自动扩展，以终止所有实例

38 / 100

分类: SOA

38. 38. A system admin is planning to setup event notifications on RDS. Which of the below mentioned services will help the admin setup notifications?

38. 一名系统管理员正在计划在RDS上设置事件通知。以下哪个服务将帮助管理员设置通知？

A. A. AWS Cloudtrail

A. AWS Cloudtrail

B. B. AWS SES

B. AWS SES

C. C. AWS Cloudwatch
C. AWS Cloudwatch

D. D. AWS SNS

D. AWS SNS

39 / 100

分类: SOA

39. 39. A user is trying to understand the CloudWatch metrics for the AWS services. It is required that the user should first understand the namespace for the AWS services. Which of the below
mentioned is not a valid namespace for the AWS services?

39. 用户正在尝试理解AWS服务的CloudWatch指标。用户需要首先了解AWS服务的命名空间。以下哪个提到的不是AWS服务的有效命名空间？

A. A. AWS/SWF
A. AWS/SWF

B. B. AWS/ElastiCache
B. AWS/ElastiCache

C. C. AWS/CloudTrail

C. AWS/CloudTrail

D. D. AWS/StorageGateway
D. AWS/StorageGateway

40 / 100

分类: SOA

40. 40. A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?
40. 用户将自动扩展组的最小容量配置为3，最大容量配置为5。当用户配置AS组时，自动扩展将启动多少个实例？

A. A. 2
A. 2

B. B. 3
B. 3

C. C. 5
C. 5

D. D. 0
D. 0

41 / 100

分类: SOA

41. 41. A user is trying to pre-warm a blank EBS volume attached to a Linux instance. Which of the below mentioned steps should be performed by the user?

41. 用户正在尝试预热附加到 Linux 实例的空白 EBS 卷。用户应该执行以下哪些步骤？

A. A. Unmount the volume before pre-warming
A. 在预热之前卸载卷

B. B. Contact AWS support to pre-warm

B. 联系AWS支持以进行预热

C. C. Format the device
C. 格式化设备

D. D. There is no need to pre-warm an EBS volume

D. 不需要预热EBS卷

42 / 100

分类: SOA

42. 42. A user has launched an EC2 instance. The instance got terminated as soon as it was launched. Which of the below mentioned options is not a possible reason for this?

42. 用户已启动了一个EC2实例。该实例在启动后立即被终止。以下提到的选项中，哪个不是可能的原因？

A. A. The snapshot is corrupt

A. 快照已损坏

B. B. The user account has reached the maximum EC2 instance limit

B. 用户帐户已达到最大 EC2 实例限制

C. C. The user account has reached the maximum volume limit
C. 用户账户已达到最大容量限制

D. D. The AMI is missing. It is the required part
D.
AMI缺失。它是必需的部分。

43 / 100

分类: SOA

43. 43. A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?

43. 用户启动了一个ELB，该ELB注册了5个实例。用户误删除了ELB。实例会发生什么？

A. A. Instances will keep running

A. 实例将继续运行

B. B. ELB will ask the user whether to delete the instances or not
B. ELB将询问用户是否要删除实例。

C. C. Instances will be terminated
C. 实例将被终止

D. D. ELB cannot be deleted if it has running instances registered with it

D. 如果ELB有运行中的实例注册在其上，则无法删除。

44 / 100

分类: SOA

44. 44. An organization has been using AWS for a few months. The finance team wants to visualize the pattern of AWS spending. Which of the below AWS tools will help for this requirement?

44. 一个组织已经使用AWS几个月。财务团队希望可视化AWS支出的模式。以下哪个AWS工具可以帮助满足这个需求？

A. A. AWS Consolidated Billing

A. AWS 合并计费

B. B. AWS CloudWatch
B. AWS CloudWatch

C. C. AWS Cost Explorer
C. AWS 成本探索器

D. D. AWS Cost Manager
D. AWS 成本管理器

45 / 100

分类: SOA

45. 45. A user has created a VPC with CIDR 20.0.0.0/16. The user has used all the IPs of CIDR and wants to increase the size of the VPC. The user has two subnets: public (20.0.0.0/20) and private (20.0.1.0/20). How can the user change the size of the VPC?

45. 用户创建了一个CIDR为20.0.0.0/16的VPC。用户已经使用了CIDR的所有IP，并希望增加VPC的大小。用户有两个子网：公共（20.0.0.0/20）和私有（20.0.1.0/20）。用户如何更改VPC的大小？

A. A. The user can delete the subnets first and then modify the size of the VPC

A. 用户可以先删除子网，然后修改VPC的大小。

B. B. The user can delete all the instances of the subnet. Change the size of the subnets to 20.0.0.0/32 and 20.0.1.0/32, respectively. Then the user can increase the size of the VPC using CLI
B. 用户可以删除所有子网的实例。
将子网的大小分别更改为20.0.0.0/32和20.0.1.0/32。
然后用户可以使用CLI增加VPC的大小。

C. C. The user can add a subnet with a higher range so that it will automatically increase the size of the VPC

C. 用户可以添加一个更高范围的子网，从而自动增加VPC的大小。

D. D. It is not possible to change the size of the VPC once it has been created
D. 一旦创建VPC，就无法更改其大小。

46 / 100

分类: SOA

46. 46. A user has launched an EBS backed instance. The user started the instance at 9 AM in the morning. Between 9 AM to 10 AM, the user is testing some script. Thus, he stopped the instance twice and restarted it. In the same hour the user rebooted the instance once. For how many instance hours will AWS charge the user?

46. 用户启动了一个由 EBS 支持的实例。用户在早上 9 点启动了实例。在早上 9 点到 10 点之间，用户正在测试一些脚本。因此，他停止了实例两次并重新启动了它。在同一个小时内，用户重启了实例一次。AWS 将向用户收取多少实例小时费用？

A. A. 1 hour
A. 1小时

B. B. 2 hours
B. 2小时

C. C. 4 hours
C. 4小时

D. D. 3 hours
D. 三小时

47 / 100

分类: SOA

47. 47. A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?

47. 用户在ELB上配置了HTTPS监听器。

用户没有配置任何安全策略来帮助客户端与ELB之间进行SSL协商。

在这种情况下，ELB将会怎么做？

A. A. ELB creation will fail without a security policy
A. ELB 创建在没有安全策略的情况下将失败

B. B. By default ELB will select the latest version of the policy
B. 默认情况下，ELB将选择策略的最新版本

C. C. By default ELB will select the first version of the security policy
C. 默认情况下，ELB 将选择安全策略的第一个版本。

D. D. It is not required to have a security policy since SSL is already installed
D. 由于已经安装了SSL，因此不需要拥有安全政策。

48 / 100

分类: SOA

48. 48. A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?

48. 用户在ELB上以及后端实例上配置了SSL监听器。以下哪些陈述能帮助用户理解ELB在SSL监听器方面的流量处理？

A. A. ELB will not modify the headers
A. ELB 将不会修改头部信息

B. B. ELB will intercept the request to add the cookie details if sticky session is enabled

B. 如果启用了粘性会话，ELB 将拦截请求以添加 cookie 详细信息。

C. C. ELB will modify headers to add requestor details
C. ELB将修改头部以添加请求者详细信息

D. D. It is not possible to have the SSL listener both at ELB and back-end instances

D. 不可能在负载均衡器和后端实例上同时拥有SSL监听器

49 / 100

分类: SOA

49. 49. A user is accessing RDS from an application. The user has enabled the Multi AZ feature with the MS SQL RDS DB. During a planned outage how will AWS ensure that a switch from DB to a standby replica will not affect access to the application?

49. 一位用户正在通过应用程序访问RDS。该用户已启用MS SQL RDS数据库的多可用区功能。在计划停机期间，AWS将如何确保从数据库切换到备用副本不会影响对应用程序的访问？

A. A. RDS uses DNS to switch over to stand by replica for seamless transition

A. RDS使用DNS切换到备用副本，实现无缝过渡

B. B. The switch over changes Hardware so RDS does not need to worry about access
B. 切换会改变硬件，因此 RDS 不需要担心访问。

C. C. RDS will have an internal IP which will redirect all requests to the new DB
C. RDS将拥有一个内部IP，将所有请求重定向到新的数据库。

D. D. RDS will have both the DBs running independently and the user has to manually switch over
D. RDS将同时运行两个数据库，用户必须手动切换。

50 / 100

分类: SOA

50. 50. A user has created an ELB with the availability zone US-East-1A. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?

50. 用户创建了一个带有可用区 US-East-1A 的 ELB。用户希望向 ELB 添加更多可用区以实现高可用性。用户如何向现有的 ELB 添加更多可用区？

A. A. The only option is to launch instances in different zones and add to ELB

A. 唯一的选择是在不同的可用区启动实例并添加到ELB。

B. B. It is not possible to add more zones to the existing ELB
B. 无法向现有的ELB添加更多区域。

C. C. The user should stop the ELB and add zones and instances as required
C. 用户应停止ELB，并根据需要添加可用区和实例。

D. D. The user can add zones on the fly from the AWS console
D. 用户可以通过AWS控制台动态添加区域

51 / 100

分类: SOA

51. 51. An organization has created a Queue named “modularqueue” with SQS. The organization is not performing any operations such as SendMessage, ReceiveMessage, DeleteMessage, GetQueueAttributes, SetQueueAttributes, AddPermission, and RemovePermission on the queue. What can happen in this scenario?

51. 一家组织创建了一个名为“modularqueue”的队列，使用的是SQS。

该组织没有执行任何操作，例如SendMessage、ReceiveMessage、DeleteMessage、GetQueueAttributes、SetQueueAttributes、AddPermission和RemovePermission。

在这种情况下会发生什么？

A. A. AWS SQS can delete queue after 30 days without notification
A. AWS SQS可以在30天后不发出通知地删除队列

B. B. AWS SQS sends notification after 15 days for inactivity on queue
B. AWS SQS在队列不活动15天后发送通知

C. C. AWS SQS notifies the user after 2 weeks and deletes the queue after 3 weeks.

C. AWS SQS在2周后通知用户，并在3周后删除队列。

D. D. AWS SQS marks queue inactive after 30 days
D. AWS SQS在30天后将队列标记为非活动状态

52 / 100

分类: SOA

52. 52. A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume?

52. 用户已经为EBS卷配置了2000 IOPS。托管在该EBS上的应用程序所经历的IOPS少于所配置的IOPS。以下选项中哪个不影响卷的IOPS？

A. A. The instance is EBS optimized

A. 该实例经过EBS优化

B. B. The EC2 instance has 10 Gigabit Network connectivity

B. EC2实例具有10千兆位网络连接

C. C. The application does not have enough IO for the volume

C. 应用程序没有足够的输入输出以支持该卷

D. D. The volume size is too large
D. 卷的大小太大

53 / 100

分类: SOA

53. 53. An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as Impaired to Auto Scaling. What will Auto Scaling do in this scenario?

53. 一个组织已经配置了带有 ELB 的自动伸缩。某个实例的健康检查返回的状态为“受损”给自动伸缩。在这种情况下，自动伸缩将会怎么做？

A. A. Perform a health check until cool down before declaring that the instance has failed
A. 在宣布实例已失败之前，执行健康检查，直到冷却结束。

B. B. Notify ELB to stop sending traffic to the impaired instance

B. 通知ELB停止向受损实例发送流量

C. C. Notify the user using SNS for the failed state
C. 使用SNS通知用户失败状态

D. D. Terminate the instance and launch a new instance
D. 终止实例并启动新实例

54 / 100

分类: SOA

54. 54. An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?

54. 一个组织已经配置了带有负载均衡器的自动扩展。应用程序中存在内存问题，导致 CPU 利用率超过 90%。较高的 CPU 使用率根据扩展策略触发自动扩展事件。如果用户希望在不触发扩展活动的情况下找出应用程序内的根本原因，他该如何实现这一目标？

A. A. Delete Auto Scaling until research is completed
A. 删除自动扩展，直到研究完成

B. B. Suspend the scaling process until research is completed
B. 暂停扩展过程，直到研究完成

C. C. It is not possible to find the root cause from that instance without triggering scaling
C. 无法在未触发扩展的情况下从该实例中找到根本原因。

D. D. Stop the scaling process until research is completed
D. 在研究完成之前停止扩展过程

55 / 100

分类: SOA

55. 55. A user runs the command “dd if=/dev/xvdf of=/dev/null bs=1M” on an EBS volume created from a snapshot and attached to a Linux instance. Which of the below mentioned activities is the user performing with the step given above?

55. 用户在从快照创建并附加到Linux实例的EBS卷上运行命令“dd if=/dev/xvdf of=/dev/null bs=1M”。上述步骤中用户正在执行以下哪项活动？

A. A. Initiating the device to mount on the EBS volume

A. 启动设备以挂载到 EBS 卷上

B. B. Copying the data from a snapshot to the device
B. 将数据从快照复制到设备

C. C. Pre warming the EBS volume

C. 预热EBS卷

D. D. Formatting the volume
D. 格式化音量

正确答案: C
When the user creates an EBS volume and is trying to access it for the first time it will encounter reduced IOPS due to wiping or initiating of the block storage. To avoid this as well as achieve the best performance it is required to pre warm the EBS volume. For a volume created from a snapshot and attached with a Linux OS, the “dd” command pre warms the existing data on EBS and any restored snapshots of volumes that have been previously fully pre warmed. This command maintains incremental snapshots; however, because this operation is read-only, it does not pre warm unused space that has never been written to on the original volume. In the command “dd if=/dev/xvdf of=/dev/null bs=1M” , the parameter “if=input file” should be set to the drive that the user wishes to warm. The “of=output file” parameter should be set to the Linux null virtual device, /dev/null. The “bs” parameter sets the block size of the read operation; for optimal performance, this should be set to 1 MB.,Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html

正确答案: C

当用户创建一个EBS卷并首次尝试访问时，可能会由于擦除或初始化块存储而遇到减少的IOPS。为了避免这种情况并实现最佳性能，必须预热EBS卷。对于从快照创建并附加有Linux操作系统的卷，“dd”命令预热EBS上的现有数据以及之前完全预热过的卷的任何恢复快照。该命令保持增量快照；然而，由于此操作是只读的，因此并不会预热从未在原始卷上写入的未使用空间。在命令“dd if=/dev/xvdf of=/dev/null bs=1M”中，参数“if=input file”应设置为用户希望预热的驱动器。“of=output file”参数应设置为Linux空虚拟设备，/dev/null。“bs”参数设置读取操作的块大小；为了达到最佳性能，应该设置为1 MB。

参考: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html

56 / 100

分类: SOA

56. 56. A user is planning to setup infrastructure on AWS for the Christmas sales. The user is planning to use Auto Scaling based on the schedule for proactive scaling. What advise would you give to the user?

56. 用户计划在AWS上搭建基础设施以应对圣诞销售。

用户计划根据调度使用自动扩展进行主动扩展。

你会给用户什么建议？

A. A. Wait till end of November before scheduling the activity
A. 在安排活动之前，请等到11月底。

B. B. The scaling should be setup only one week before Christmas

B. 规模调整应在圣诞节前仅设置一周。

C. C. It is not advisable to use scheduled based scaling

C. 不建议使用基于调度的扩展。

D. D. It is good to schedule now because if the user forgets later on it will not scale up
D. 现在安排是好的，因为如果用户稍后忘记了，它就无法升级。

57 / 100

分类: SOA

57. 57. A user has launched an EBS backed EC2 instance. The user has rebooted the instance. Which of the below mentioned statements is not true with respect to the reboot action?

57. 用户已启动一个基于EBS的EC2实例。用户已重启该实例。以下哪项陈述与重启操作不相符？

A. A. The Elastic IP remains associated with the instance

A. 弹性 IP 仍然与实例关联

B. B. The instance runs on a new host computer
B. 实例运行在一台新的主机计算机上

C. C. The private and public address remains the same
C. 私人地址和公共地址保持不变

D. D. The volume is preserved
D. 体积被保持

58 / 100

分类: SOA

58. 58. An organization is using cost allocation tags to find the cost distribution of different departments and projects. One of the instances has two separate tags with the key/ value as “InstanceName/HR”, “CostCenter/HR”. What will AWS do in this case?

58. 一个组织正在使用成本分配标签来查找不同部门和项目的成本分布。其中一个实例有两个独立的标签，键/值为“InstanceName/HR”，“CostCenter/HR”。AWS在这种情况下会怎么做？

A. A. InstanceName is a reserved tag for AWS. Thus, AWS will not allow this tag

A. InstanceName 是 AWS 的一个保留标签。

因此，AWS 将不允许使用此标签。

B. B. AWS will not allow the tags as the value is the same for different keys
B. AWS 将不允许使用标签，因为不同键的值相同

C. C. AWS will allow tags but will not show correctly in the cost allocation report due to the same value of the two separate keys
C. AWS将允许标签，但由于两个不同键的值相同，成本分配报告中将无法正确显示。

D. D. AWS will allow both the tags and show properly in the cost distribution report
D. AWS将允许标签，并在成本分配报告中正确显示

59 / 100

分类: SOA

59. 59. A user has created a mobile application which makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK and root account access/secret access key to connect to DynamoDB from mobile. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

59. 用户创建了一款移动应用，该应用通过调用DynamoDB来获取特定数据。该应用使用DynamoDB SDK，并通过根账户访问/秘密访问密钥从移动设备连接到DynamoDB。在此情况下，关于安全最佳实践，以下哪些说法是正确的？

A. A. The user should create an IAM role with DynamoDB and EC2 access. Attach the role with EC2 and route all calls from the mobile through EC2

A. 用户应该创建一个具有DynamoDB和EC2访问权限的IAM角色。

将该角色附加到EC2，并通过EC2路由移动端的所有调用。

B. B. The application should use an IAM role with web identity federation which validates calls to DynamoDB with identity providers, such as Google, Amazon, and Facebook

B. 该应用程序应使用具有 web 身份联合的 IAM 角色，通过身份提供者（如 Google、Amazon 和 Facebook）验证对 DynamoDB 的调用。

C. C. The user should create a separate IAM user for each mobile application and provide DynamoDB access with it

C. 用户应该为每个移动应用程序创建一个单独的 IAM 用户，并为其提供 DynamoDB 访问权限。

D. D. Create an IAM Role with DynamoDB access and attach it with the mobile application
D. 创建一个具有DynamoDB访问权限的IAM角色，并将其与移动应用程序关联。

60 / 100

分类: SOA

60. 60. A user is planning to scale up an application by 8 AM and scale down by 7 PM daily using Auto Scaling. What should the user do in this case?

60. 用户计划通过自动扩缩来在每天早上8点扩展一个应用程序，在晚上7点缩减。用户在这种情况下应该做些什么？

A. A. Setup the scaling policy to scale up and down based on the CloudWatch alarms

A. 设置扩展策略，以便根据CloudWatch警报进行横向和纵向扩展。

B. B. The user should setup a batch process which launches the EC2 instance at a specific time

B. 用户应设置一个批处理程序，以在特定时间启动EC2实例。

C. C. The user should increase the desired capacity at 8 AM and decrease it by 7 PM manually
C. 用户应该在上午8点手动增加所需容量，并在下午7点手动减少它。

D. D. Setup scheduled actions to scale up or down at a specific time

D. 设置计划任务，以在特定时间进行扩展或缩减

61 / 100

分类: SOA

61. 61. A user is planning to setup notifications on the RDS DB for a snapshot. Which of the below mentioned event categories is not supported by RDS for this snapshot source type?

61. 一位用户正在计划为 RDS 数据库的快照设置通知。以下提到的事件类别中哪个不被 RDS 支持作为此快照源类型？

A. A. Creation
A. 创造

B. B. Restoration
B. 恢复

C. C. Backup
C. 备份

D. D. Deletion

D. 删除

62 / 100

分类: SOA

62. 62. A user has launched an EC2 instance from an instance store backed AMI. If the user restarts the instance, what will happen to the ephermal storage data?
62. 用户从一个基于实例存储的AMI启动了一个EC2实例。如果用户重启该实例，临时存储中的数据会发生什么？

A. A. The data is preserved
A. 数据被保存

B. B. All the data will be erased but the ephermal storage will stay connected
B. 所有数据将被删除，但临时存储将保持连接。

C. C. All data will be erased and the ephermal storage is released
C. 所有数据将被擦除，临时存储将被释放。

D. D. It is not possible to restart an instance launched from an instance store backed AMI
D. 无法重新启动从实例存储支持的AMI启动的实例。

63 / 100

分类: SOA

63. 63. An organization has applied the below mentioned policy on an IAM group which has a few IAM users. What entitlements do the IAM users of that group avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “iam:*”,
“Resource”: “*”
}
]
}

63. 一个组织对一个包含几个 IAM 用户的 IAM 组应用了以下政策。该组的 IAM 用户通过此政策可以获得哪些权限？

{
“Version”: “2012-10-17”,

“Statement”: [

{

“Effect”: “Allow”,

“Action”: “iam:*”,

“Resource”: “*”

}

]

}

A. A. The policy is not created correctly. It will throw an error for wrong action
A. 政策未正确创建。它将因为错误的操作而抛出错误。

B. B. It allows full access to all AWS services except IAM services for the IAM users who are part of this group
B. 它允许该组中属于 IAM 用户的用户完全访问除了 IAM 服务之外的所有 AWS 服务。

C. C. It allows full access to IAM for the IAM users who are part of this group
翻译结果

C. 它允许属于此组的 IAM 用户全面访问 IAM。

D. D. The policy cannot be applied to a group since it is for IAM access
D. 该政策无法应用于群组，因为它是针对IAM访问的。

正确答案: C
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The IAM group allows the organization to specify permissions for a collection of users. With the below mentioned policy, it will allow the group full access to IAM management. The user part of this group will be able to create or manage the IAM users, groups or roles.,{,“Version”: “2012-10-17”,,“Statement”: [,{,“Effect”: “Allow”,,“Action”: “iam:*”,,“Resource”: “*”,},],},Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

正确答案: C

AWS身份与访问管理是一项网络服务，允许组织管理用户及其对各种AWS服务的权限。

IAM组允许组织为一组用户指定权限。

根据下面提到的策略，将允许该组对IAM管理进行完全访问。

该组中的用户将能够创建或管理IAM用户、组或角色。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:*",
            "Resource": "*"
        }
    ]
}

参考: http://docs.aws.amazon.com/IAM/latest/UserGuide/GSGHowToCreateAdminsGroup.html

64 / 100

分类: SOA

64. 64. A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer (which adds instances to the load balancer) process for a while. What will happen to the instances launched during the suspension period?

64. 用户已经配置了带有自动伸缩的ELB。

用户暂停了自动伸缩的AddToLoadBalancer（将实例添加到负载均衡器）的过程一段时间。

在暂停期间启动的实例将会发生什么？

A. A. It is not possible to suspend only the AddToLoadBalancer process

A. 无法仅暂停 AddToLoadBalancer 进程

B. B. Auto Scaling will not launch the instance during this period due to process suspension
B. 在此期间，由于进程暂停，自动扩展将不会启动实例。

C. C. The instances will be registered with ELB only once the process has resumed
C. 实例将在过程恢复后仅注册到ELB。

D. D. The instances will not be registered with ELB and the user has to manually register when the process is resumed

D. 实例将不会与 ELB 注册，用户必须在流程恢复时手动注册。

65 / 100

分类: SOA

65. 65. An organization is trying to create various IAM users. Which of the below mentioned options is not a valid IAM username?

65. 一个组织正在尝试创建各种IAM用户。以下提到的选项中哪个不是有效的IAM用户名？

A. A. johnAnswer: Cloud
A. john
答案：云

B. B. john#cloud
B. john#cloud

C. C. John.cloud

C. John.cloud

D. D. John=cloud

D. 约翰=云

66 / 100

分类: SOA

66. 66. A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification (which notifies Auto Scaling for CloudWatch alarms) process for a while. What will Auto Scaling do during this period?

66. 用户配置了带有自动扩展的ELB。用户暂停了自动扩展报警通知（用于通知自动扩展CloudWatch报警）过程一段时间。在此期间，自动扩展将会做什么？

A. A. It is not possible to suspend the AlarmNotification process

A. 无法暂停AlarmNotification进程

B. B. AWS will receive the alarms but will not execute the Auto Scaling policy

B. AWS 将接收警报，但不会执行自动扩展策略。

C. C. AWS will not receive the alarms from CloudWatch

C. AWS将不会接收到来自CloudWatch的报警

D. D. Auto Scaling will execute the policy but it will not launch the instances until the process is resumed
D. 自动伸缩将执行该策略，但在流程恢复之前不会启动实例。

67 / 100

分类: SOA

67. 67. A root account owner is trying to understand the S3 bucket ACL. Which of the below mentioned options cannot be used to grant ACL on the object using the authorized predefined group?

67. 一个根账户所有者正在尝试了解 S3 桶的 ACL。以下提到的哪个选项不能用于通过授权的预定义组授予对象的 ACL？

A. A. All users group

A. 所有用户组

B. B. Log Delivery Group

B. 日志传输组

C. C. Authenticated user group
C. 经过验证的用户组

D. D. Canonical user group

D. 规范用户组

68 / 100

分类: SOA

68. 68. You are managing the AWS account of a big organization. The organization has more than 1000+ employees and they want to provide access to the various services to most of the employees. Which of the below mentioned options is the best possible solution in this case?

68. 您正在管理一个大型组织的AWS账户。该组织拥有超过1000名员工，他们希望为大多数员工提供对各种服务的访问权限。以下哪个选项是在这种情况下最佳的解决方案？

A. A. The user should create a separate IAM user for each employee and provide access to them as per the policy

A. 用户应为每位员工创建一个单独的IAM用户，并根据政策给予他们访问权限。

B. B. The user should create IAM groups as per the organization’s departments and add each user to the group for better access control

B. 用户应根据组织的部门创建 IAM 组，并将每个用户添加到相应的组，以实现更好的访问控制。

C. C. The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server

C. 用户应创建一个IAM角色并将STS附加到该角色上。
用户应将该角色附加到EC2实例并在该服务器上设置AWS身份验证。

D. D. Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services
D. 附加一个IAM角色与组织的身份验证服务，以授权每个用户访问各种AWS服务。

69 / 100

分类: SOA

69. 69. An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?

69. 一个组织创建了10个IAM用户。该组织希望每个IAM用户都能访问一个独立的DynamoDB表。所有用户被添加到同一个组中，组织希望为此设置一个组级别的策略。该组织如何实现这一目标？

A. A. Create a DynamoDB table with the same name as the IAM user name and define the policy rule which grants access based on the DynamoDB ARN using a variable

A. 创建一个与IAM用户名相同名称的DynamoDB表，并定义基于DynamoDB ARN的访问权限策略规则，使用变量。

B. B. Create a separate DynamoDB database for each user and configure a policy in the group based on the DB variable

B. 为每个用户创建一个单独的DynamoDB数据库，并根据DB变量在组中配置一个策略

C. C. Define the group policy and add a condition which allows the access based on the IAM name

C. 定义组策略并添加一个条件，以便根据IAM名称允许访问。

D. D. It is not possible to have a group level policy which allows different IAM users to different DynamoDB tables

D. 不可能有一个组级策略，允许不同的IAM用户访问不同的DynamoDB表。

正确答案: A
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. AWS DynamoDB has only tables and the organization cannot make separate databases. The organization should create a table with the same name as the IAM user name and use the ARN of DynamoDB as part of the group policy. The sample policy is shown below:,{,“Version”: “2012-10-17”,,“Statement”: [{,“Effect”: “Allow”,,“Action”: [“dynamodb:*”],,“Resource”: “arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}”,},],},Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/ExampleIAMPolicies.html

正确答案: A

AWS 身份和访问管理是一项网络服务，允许组织管理用户及其在各种 AWS 服务中的权限。AWS DynamoDB 只有表，组织无法创建单独的数据库。组织应该创建一个与 IAM 用户名相同的表，并将 DynamoDB 的 ARN 作为组策略的一部分。示例策略如下：

{
    “Version”: “2012-10-17”,
    “Statement”: [{
        “Effect”: “Allow”,
        “Action”: [“dynamodb:*”],
        “Resource”: “arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}”
    }]
}

参考: http://docs.aws.amazon.com/IAM/latest/UserGuide/ExampleIAMPolicies.html

70 / 100

分类: SOA

70. 70. A user has launched two EBS backed EC2 instances in the US-East-1a region. The user wants to change the zone of one of the instances. How can the user change it?

70. 用户在美国东部1a区域启动了两个基于EBS的EC2实例。用户想要更改其中一个实例的可用区。用户如何更改它？

A. A. From the AWS EC2 console, select the Actions – > Change zones and specify new zone

A. 从 AWS EC2 控制台中，选择操作 -> 更改区域，并指定新区域

B. B. Stop one of the instances and change the availability zone
B. 停止其中一个实例并更改可用区

C. C. Create an AMI of the running instance and launch the instance in a separate AZ
C. 创建正在运行的实例的AMI，并在一个单独的可用区启动该实例

D. D. The zone can only be modified using the AWS CLI

D. 该区域只能通过 AWS CLI 进行修改。

71 / 100

分类: SOA

71. 71. An application is generating a log file every 5 minutes. The log file is not critical but may be required only for verification in case of some major issue. The file should be accessible over the internet whenever required. Which of the below mentioned options is a best possible storage solution for it?

71. 一款应用程序每五分钟生成一个日志文件。日志文件并不是关键的，但在出现重大问题时可能需要进行验证。该文件应在需要时可以通过互联网访问。以下哪个选项是最佳的存储解决方案？

A. A. AWS S3 RRS

A. AWS S3 RRS

B. B. AWS RDS

B. AWS RDS

C. C. AWS S3
C. AWS S3

D. D. AWS Glacier
D. AWS Glacier

72 / 100

分类: SOA

72. 72. George has shared an EC2 AMI created in the US East region from his AWS account with Stefano. George copies the same AMI to the US West region. Can Stefano access the copied AMI of George’s account from the US West region?

72. George 从他的 AWS 账户中与 Stefano 分享了一个在美国东部区域创建的 EC2 AMI。George 将同一个 AMI 复制到美国西部区域。Stefano 能否从美国西部区域访问 George 账户中复制的 AMI？

A. A. No, copy AMI does not copy the permission

A. 不，复制AMI不会复制权限。

B. B. Yes, since copy AMI copies all the permissions attached with the AMI
B. 是的，因为复制 AMI 会复制与该 AMI 相关的所有权限。

C. C. It is not possible to share the AMI with a specific account
C. 无法将AMI与特定账户共享

D. D. Yes, since copy AMI copies all private account sharing permissions
D. 是的，因为复制AMI会复制所有私人账户共享权限。

73 / 100

分类: SOA

73. 73. A user want’s to configure a CloudWatch alarm on RDS to receive a notification when the CPU utilization of RDS is higher than 50%. Currently – at the time the user wants to create the alarm, there is some activity on RDS, such as RDS unavailability. How must the user procede?

73. 用户想在RDS上配置一个CloudWatch警报，以便在RDS的CPU利用率超过50%时接收通知。当前 – 在用户想要创建警报时，RDS上存在一些活动，例如RDS不可用。用户应该如何进行？

A. A. It is not possible to setup the alarm on RDS under the circumstances

A. 在这种情况下，无法在RDS上设置警报。

B. B. Setup the notification when the CPU utilization is less than 10%
B. 当CPU利用率低于10%时设置通知

C. C. Setup the notification when the state is Insufficient Data
C. 在状态为不足数据时设置通知

D. D. Setup the notification when the CPU is more than 75% on RDS
D. 当RDS上的CPU超过75%时设置通知

74 / 100

分类: SOA

74. 74. A user has setup a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24) and a public subnet (20.0.0.0/24). The user’s data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data centre, what will happen?

74. 用户设置了一个CIDR为20.0.0.0/16的VPC。该VPC有一个私有子网（20.0.1.0/24）和一个公共子网（20.0.0.0/24）。用户的数据中心CIDR为20.0.54.0/24和20.1.0.0/24。如果私有子网想与数据中心进行通信，会发生什么情况？

A. A. It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24

A. 它将允许与数据中心在 CIDR 20.1.0.0/24 的流量，但不允许在 20.0.54.0/24 的流量。

B. B. It will not allow traffic with data centre on CIDR 20.1.0.0/24 but allows traffic communication on 20.0.54.0/24
B. 它将不允许与CIDR 20.1.0.0/24的数据中心进行通信，
但允许在20.0.54.0/24上进行流量通信。

C. C. It will allow traffic communication on both the CIDRs of the data centre
C. 这将允许数据中心两个CIDR之间的流量通信。

D. D. It will not allow traffic communication on any of the data centre CIDRs

D. 它将不允许在任何数据中心CIDR上进行流量通信。

75 / 100

分类: SOA

75. 75. A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400? What should the user do?

75. 用户使用CloudWatch设定了一个$200的账单警报。经过几天后，AWS的使用费用超过了$200。用户想将限额从$200增加到$400。用户应该怎么做？

A. A. Update the alarm to set the limit at $400 instead of $200

A. 将警报的限额更新为400美元，而不是200美元

B. B. Create a new alarm of $400 and link it with the first alarm
B. 创建一个新的$400的警报，并将其与第一个警报链接。

C. C. It is not possible to modify the alarm once it has crossed the usage limit
C. 一旦超出使用限制，就不能修改警报。

D. D. Create a new alarm for the additional $200 amount
D. 为额外的200美元创建一个新的警报

76 / 100

分类: SOA

76. 76. A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345. Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

76. 一名用户通过VPC向导创建了一个具有公共和私有子网的VPC。该VPC的CIDR为20.0.0.0/16。私有子网使用CIDR为20.0.0.0/24。NAT实例ID为i-a12345。以下哪些条目是私有子网附加的主要路由表中所必需的，以允许实例连接到互联网？

A. A. Destination: 20.0.0.0/0 and Target: 80
A. 目的地：20.0.0.0/0
目标：80

B. B. Destination: 0.0.0.0/0 and Target: i-a12345

B. 目标：0.0.0.0/0 和目标：i-a12345

C. C. Destination: 20.0.0.0/0 and Target: i-a12345
C. 目的地：20.0.0.0/0
目标：i-a12345

D. D. Destination: 20.0.0.0/24 and Target: i-a12345
D. 目标: 20.0.0.0/24
和目标: i-a12345

77 / 100

分类: SOA

77. 77. A user has deployed an application on his private cloud. The user is using his own monitoring tool. He wants to configure it so that whenever there is an error, the monitoring tool will notify him via SMS. Which of the below mentioned AWS services will help in this scenario?

77. 一位用户在他的私有云上部署了一个应用程序。该用户正在使用自己的监控工具。他希望配置该工具，使其在出现错误时通过短信通知他。下面提到的哪些AWS服务可以在这种情况下提供帮助？

A. A. AWS SNS

A. AWS SNS

B. B. None because the user infrastructure is in the private cloud.
B. 没有，因为用户基础设施位于私有云中。

C. C. AWS SES

C. AWS SES

D. D. AWS SMS

D. AWS SMS

78 / 100

分类: SOA

78. 78. A user has stored data on an encrypted EBS volume. The user wants to share the data with his friend’s AWS account. How can user achieve this?

78. 用户在加密的 EBS 卷上存储了数据。用户想要与他朋友的 AWS 账户共享这些数据。用户该如何实现这一点？

A. A. Take a snapshot and share the snapshot with a friend
A. 拍摄快照并与朋友分享快照

B. B. If both the accounts are using the same encryption key then the user can share the volume directly

B. 如果两个账户使用相同的加密密钥，则用户可以直接共享该卷。

C. C. Copy the data to an unencrypted volume and then share
C. 将数据复制到未加密的卷中，然后共享

D. D. Create an AMI from the volume and share the AMI
D. 从卷创建一个AMI并分享该AMI

79 / 100

分类: SOA

79. 79. A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?

79. 用户创建了一个 Auto Scaling 的启动配置，其中禁用了 CloudWatch 的详细监控。用户现在希望启用详细监控。用户该如何实现这一点？

A. A. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
A. 使用CLI更新启动配置，将InstanceMonitoring.Enabled设置为true

B. B. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
B. 使用CLI更新Launch配置，将InstanceMonitoringDisabled设置为false

C. C. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring

C. 用户应从 AWS 控制台更改自动扩展组，以启用详细监控。

D. D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group
D. 创建一个新的启动配置，并启用详细监控，更新自动缩放组

80 / 100

分类: SOA

80. 80. A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to upload the objects as well as enforce that the person who uploaded the object should manage the permission of those objects. Which is the easiest way to achieve this?

80. 一个根账户持有者创建了一个名为testmycloud的S3桶。该账户持有者希望允许每个人上传对象，并且强制上传该对象的人管理这些对象的权限。实现这一点的最简单方法是什么？

A. A. The root account owner should create a bucket policy which allows the IAM users to upload the object

A. 根账户所有者应创建一个允许IAM用户上传对象的桶策略

B. B. The root account should create the IAM users and provide them the permission to upload content to the bucket

B. 根账户应创建IAM用户，并提供他们将内容上传到存储桶的权限。

C. C. The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket

C. 根账户所有者应该创建一个存储桶策略，以允许其他账户所有者设置该存储桶的对象策略。

D. D. The root account should use ACL with the bucket to allow everyone to upload the object
D. 根账户应使用ACL与存储桶配合，以允许所有人上传对象。

81 / 100

分类: SOA

81. 81. A user has created a VPC with CIDR 20.0.0.0/16 with only a private subnet and VPN connection using the VPC wizard. The user wants to connect to the instance in a private subnet over SSH. How should the user define the security rule for SSH?

用户使用 VPC 向导创建了一个 CIDR 为 20.0.0.0/16 的 VPC，仅包含一个私有子网和 VPN 连接。

用户想通过 SSH 连接到私有子网中的实例。用户应该如何定义 SSH 的安全规则？

A. A. The user can connect to a instance in a private subnet using the NAT instance

A. 用户可以通过 NAT 实例连接到私有子网中的实例。

B. B. Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the internet
B. 允许在80和22端口上的入站流量，以便用户能够通过互联网连接到私有子网

C. C. Allow Inbound traffic on port 22 from the user’s network
C. 允许来自用户网络的端口22的入站流量

D. D. The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP

D. 用户必须在 EC2 Classic 中创建一个实例，并使用弹性 IP，同时配置私有子网的安全组，以允许从该弹性 IP 进行 SSH 连接。

82 / 100

分类: SOA

82. 82. An organization is planning to use AWS for 5 different departments. The finance department is responsible to pay for all the accounts. However, they want the cost separation for each account to map with the right cost centre. How can the finance department achieve this?

82. 一个组织计划为5个不同部门使用AWS。

财务部门负责支付所有账户的费用。

然而，他们希望每个账户的费用分离与正确的成本中心相匹配。

财务部门如何实现这一目标？

A. A. Create 5 separate accounts and make them a part of one consolidate billing

A. 创建5个独立账户，并将它们合并为一个统一账单。

B. B. Create 5 separate IAM groups and add users as per the department’s employees
B. 创建 5 个独立的 IAM 组，并根据部门的员工添加用户

C. C. Create 5 separate IAM users and set a different policy for their access
C. 创建5个独立的IAM用户并为他们的访问设置不同的策略

D. D. Create 5 separate accounts and use the IAM cross account access with the roles for better management
D. 创建5个独立账户，并使用IAM跨账户访问角色以便更好地管理

83 / 100

分类: SOA

83. 83. A user has created an Auto Scaling group using CLI. The user wants to enable CloudWatch detailed monitoring for that group. How can the user configure this?

83. 用户使用CLI创建了一个自动伸缩组。用户希望为该组启用CloudWatch详细监控。用户该如何配置？

A. A. Enable detail monitoring from the AWS console

A. 从AWS控制台启用详细监控

B. B. Auto Scaling does not support detailed monitoring
B. 自动缩放不支持详细监控

C. C. By default detailed monitoring is enabled for Auto Scaling

C. 默认情况下，详细监控已为自动扩缩放启用。

D. D. When the user sets an alarm on the Auto Scaling group, it automatically enables detail monitoring
D. 当用户在自动伸缩组上设置警报时，它会自动启用详细监控。

84 / 100

分类: SOA

84. 84. A user has created a VPC with the public subnet. The user has created a security group for that VPC. Which of the below mentioned statements is true when a security group is created?

84. 用户创建了一个具有公共子网的虚拟私有云（VPC）。用户为该VPC创建了一个安全组。以下哪个关于创建安全组的陈述是正确的？

A. A. It can connect to the AWS services, such as S3 and RDS by default

A. 它默认可以连接到AWS服务，例如S3和RDS

B. B. It will have all the outbound traffic by default but block all inbound traffic.

B. 默认情况下，它将具有所有出站流量，但会阻止所有入站流量。

C. C. It will have all the inbound traffic by default

C. 默认情况下，它将拥有所有的入站流量

D. D. It will by default allow traffic to the internet gateway
D. 默认情况下，它将允许流量通过互联网网关

85 / 100

分类: SOA

85. 85. A user is trying to send custom metrics to CloudWatch using the PutMetricData APIs. Which of the below mentioned points should the user needs to take care while sending the data to CloudWatch?

85. 用户正在尝试使用 PutMetricData API 将自定义指标发送到 CloudWatch。用户在将数据发送到 CloudWatch 时应该注意以下哪些要点？

A. A. The size of a request is limited to 16KB for HTTP GET requests and 80KB for HTTP POST requests

A. HTTP GET 请求的请求大小限制为 16KB，HTTP POST 请求的请求大小限制为 80KB。

B. B. The size of a request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests

B. 请求的大小限制为HTTP GET请求的8KB，以及HTTP POST请求的40KB。

C. C. The size of a request is limited to 40KB for HTTP GET requests and 8KB for HTTP POST requests

C. HTTP GET 请求的请求大小限制为 40KB，HTTP POST 请求的请求大小限制为 8KB。

D. D. The size of a request is limited to 128KB for HTTP GET requests and 64KB for HTTP POST requests
D. 请求的大小限制为HTTP GET请求的128KB和HTTP POST请求的64KB

86 / 100

分类: SOA

86. 86. An organization has created 50 IAM users. The organization has introduced a new policy which
will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

86. 一个组织创建了50个IAM用户。该组织引入了一项新政策，该政策将更改IAM用户的访问权限。组织如何有效实施此政策，以便无需在每个用户级别应用该政策？

A. A. Use the IAM role and implement access at the role level
A. 使用IAM角色并在角色层面实施访问权限

B. B. Use the IAM groups and add users as per their role to different groups and apply policy to group
B. 使用IAM组，根据用户的角色将其添加到不同的组中，并将策略应用于该组。

C. C. The user can create a policy and apply it to multiple users in a single go with the AWS CLI
C. 用户可以通过 AWS CLI 创建一个策略，并一次性将其应用于多个用户。

D. D. Add each user to the IAM role as per their organization role to achieve effective policy setup
D. 根据每个用户的组织角色将其添加到IAM角色中，以实现有效的策略设置

87 / 100

分类: SOA

87. 87. A user has launched 10 instances from the same AMI ID using Auto Scaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?

87. 用户通过自动伸缩从同一个 AMI ID 启动了 10 个实例。用户正在尝试查看过去两周内所有实例的平均 CPU 利用率，方法是通过 CloudWatch 控制台。用户该如何实现这一点？

A. A. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

A. 由于实例 ID 不同，无法查看相同 AMI ID 的平均 CPU 利用率

B. B. View the Auto Scaling CPU metrics
B. 查看自动扩展 CPU 指标

C. C. The user has to use the CloudWatch analyser to find the average data across instances

C. 用户需要使用 CloudWatch 分析器来查找各实例之间的平均数据

D. D. Aggregate the data over the instance AMI ID
D. 对实例 AMI ID 汇总数据

88 / 100

分类: SOA

88. 88. A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

88. 用户创建了一个具有自动扩展功能的网络应用程序。用户正在定期监控该应用程序，他注意到流量在周四和周五的上午8点到下午6点之间是最高的。为了处理这种情况，最佳的扩展解决方案是什么？

A. A. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
A. 定于星期四上午8点自动扩展，并在星期五下午6点后缩减规模。

B. B. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM
B. 配置一个批处理过程，
在上午8点添加一个实例，并在星期五下午6点移除它。

C. C. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
C. 在周四上午8点之前手动添加一个新实例，并在周五下午6点之前终止该实例。

D. D. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
D. 制定一个策略，该策略每天早上8点可能增加规模，并在下午6点降低规模。

89 / 100

分类: SOA

89. 89. A user has created an application which will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data. The application is using the DynamoDB SDK to connect with from the EC2 instance. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?

89. 一位用户创建了一个将托管在 EC2 上的应用程序。该应用程序调用 DynamoDB 来获取某些数据。该应用程序正在使用 DynamoDB SDK 从 EC2 实例进行连接。在这种情况下，下面提到的哪项陈述在安全最佳实践方面是正确的？

A. A. The user should attach an IAM role with DynamoDB access to the EC2 instance

A. 用户应将具有DynamoDB访问权限的IAM角色附加到EC2实例上

B. B. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
B. 用户应该创建一个 IAM 角色，该角色具有 EC2 访问权限，以便允许部署应用程序。

C. C. The user should create an IAM user with DynamoDB and EC2 access. Attach the user with the application so that it does not use the root account credentials

C. 用户应创建一个具有DynamoDB和EC2访问权限的IAM用户。将该用户与应用程序关联，以便它不使用根账户凭据。

D. D. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB

D. 用户应该创建一个具有DynamoDB访问权限的IAM用户，并在应用程序中使用其凭据连接DynamoDB。

90 / 100

分类: SOA

90. 90. A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?

90. 用户正在尝试从 CLI 中删除一个自动缩放组。用户需要执行以下哪些步骤？

A. A. Terminate the instances with the ec2-terminate-instance command
A. 使用 ec2-terminate-instance 命令终止实例

B. B. Terminate the Auto Scaling instances with the as-terminate-instance command
B. 使用 as-terminate-instance 命令终止自动缩放实例

C. C. There is no need to change the capacity. Run the as-delete-group command and it will reset all values to 0
C. 没有必要改变容量。
运行 as-delete-group 命令，它将所有值重置为 0。

D. D. Set the minimum size and desired capacity to 0
D. 将最小大小和期望容量设置为0

91 / 100

分类: SOA

91. 91. A user has moved an object to Glacier using the life cycle rules. The user requests to restore the archive after 6 months. When the restore request is completed the user accesses that archive. Which of the below mentioned statements is not true in this condition?

91. 用户已根据生命周期规则将一个对象移动到Glacier。用户在6个月后请求恢复该归档。当恢复请求完成后，用户访问该归档。在这种情况下，以下哪个陈述是不正确的？

A. A. The archive will be available as an object for the duration specified by the user during the restoration request

A. 该档案将在用户在恢复请求中指定的持续时间内作为一个对象可用

B. B. The user needs to pay storage for both RRS (restored) and Glacier (Archive) rates

B. 用户需要为 RRS（恢复）和 Glacier（归档）费率支付存储费用

C. C. The restored object’s storage class will be RRS
C. 恢复后的对象存储类将是 RRS

D. D. The user can modify the restoration period only by issuing a new restore request with the updated period
D. 用户只能通过发出带有更新恢复期限的新恢复请求来修改恢复期限。

92 / 100

分类: SOA

92. 92. A user wants to make so that whenever the CPU utilization of the AWS EC2 instance is above 90%, some sort of notification is sent to him. Which of the below mentioned AWS services is helpful for this purpose?

92. 用户希望在 AWS EC2 实例的 CPU 使用率超过 90% 时，能向他发送某种通知。以下哪些 AWS 服务对此目的有帮助？

A. A. AWS CloudWatch and a dedicated software turning on the light

A. AWS CloudWatch 和一个专用软件开启灯光

B. B. AWS CloudWatch + AWS SES
B. AWS CloudWatch + AWS SES

C. C. None. It is not possible to configure the light with the AWS infrastructure services
C. 无。无法使用AWS基础设施服务配置该灯光。

D. D. AWS CloudWatch + AWS SNS
D. AWS CloudWatch + AWS SNS

93 / 100

分类: SOA

93. 93. A user has configured CloudWatch monitoring on an EBS backed EC2 instance. If the user has not attached any additional device, which of the below mentioned metrics will always show a 0 value?

93. 用户已在基于EBS的EC2实例上配置了CloudWatch监控。如果用户没有附加任何额外设备，下面提到的哪个指标将始终显示为0值？

A. A. NetworkOut

A. 网络输出

B. B. DiskReadBytes
B. 磁盘读取字节

C. C. NetworkIn

C. 网络输入

D. D. CPUUtilization
D. CPU使用率

94 / 100

分类: SOA

94. 94. A user is planning to schedule a backup for an EBS volume. The user wants security of the
snapshot data. How can the user achieve data encryption with a snapshot?

94. 一位用户正在计划为 EBS 卷安排备份。用户希望确保快照数据的安全性。用户如何通过快照实现数据加密？

A. A. Enable server side encryption for the snapshot using S3

A. 使用 S3 为快照启用服务器端加密

B. B. While creating a snapshot select the snapshot with encryption
B. 在创建快照时选择带有加密的快照

C. C. By default the snapshot is encrypted by AWS
C. 默认情况下，快照由AWS加密

D. D. Use encrypted EBS volumes so that the snapshot will be encrypted by AWS
D. 使用加密的EBS卷，以便快照将由AWS加密。

95 / 100

分类: SOA

95. 95. A sys admin is planning to subscribe to the RDS event notifications. For which of the below mentioned source categories the subscription cannot be configured?

95. 一位系统管理员计划订阅RDS事件通知。以下提到的哪个源类别无法配置订阅？

A. A. DB snapshot
A. 数据库快照

B. B. DB security group
B. 数据库安全组

C. C. DB options group
C. 数据库选项组

D. D. DB parameter group
D. 数据库参数组

96 / 100

分类: SOA

96. 96. A user has launched a large EBS backed EC2 instance in the US-East-1a region. The user wants
to achieve Disaster Recovery (DR) for that instance by creating another small instance in Europe. How can the user achieve DR?

96. 用户在美东地区的 US-East-1a 启动了一个大型 EBS 支持的 EC2 实例。用户希望通过在欧洲创建另一个小型实例来实现该实例的灾难恢复 (DR)。用户如何实现 DR？

A. A. Copy the instance from the US East region to the EU region
A. 将实例从美国东部区域复制到欧盟区域

B. B. Copy the running instance using the “Instance Copy” command to the EU region

B. 使用“实例复制”命令将运行实例复制到欧盟区域。

C. C. Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI
C. 创建实例的AMI并将AMI复制到EU区域。
然后从EU AMI启动实例。

D. D. Use the “Launch more like this” option to copy the instance from one region to another
翻译

D. 使用“类似的实例启动更多”选项将实例从一个区域复制到另一个区域

97 / 100

分类: SOA

97. 97. A user has setup an EBS backed instance and attached 2 EBS volumes to it. The user has setup a CloudWatch alarm on each volume for the disk data. The user has stopped the EC2 instance and detached the EBS volumes. What will be the status of the alarms on the EBS volume?

97. 一位用户设置了一个由EBS支持的实例，并为其附加了两个EBS卷。该用户在每个卷上设置了一个CloudWatch告警来监控磁盘数据。用户已停止了EC2实例并卸载了EBS卷。那么EBS卷上的告警状态将是什么？

A. A. Alarm
A. 警报

B. B. OK
B. 好

C. C. The EBS cannot be detached until all the alarms are removed
C. EBS在移除所有警报之前无法被分离。

D. D. Insufficient Data
D. 数据不足

98 / 100

分类: SOA

98. 98. A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?

98. 一位系统管理员创建了一个购物车应用并将其托管在EC2上。EC2实例正在ELB后面运行。管理员希望确保最终用户的请求始终发送到已创建用户会话的EC2实例。管理员该如何配置？

A. A. Enable ELB cross zone load balancing

A. 启用 ELB 跨区域负载均衡

B. B. Enable ELB connection draining

B. 启用 ELB 连接排空

C. C. Enable ELB cookie setup
C. 启用ELB Cookie设置

D. D. Enable ELB sticky session
D. 启用 ELB 会话保持

99 / 100

分类: SOA

99. 99. A user has scheduled the maintenance window of an RDS DB on Monday at 3 AM. Which of the below mentioned events may force to take the DB instance offline during the maintenance window?

99. 一名用户已在星期一凌晨 3 点安排了 RDS 数据库的维护窗口。以下提到的事件中，哪个可能会导致在维护窗口期间使数据库实例下线？

A. A. Enabling Read Replica
翻译结果

A. 启用只读副本

B. B. Security patching
B. 安全补丁

C. C. Backing up the database
C. 备份数据库

D. D. DB password change
D. 数据库密码更改

100 / 100

分类: SOA

100. 100. A user is measuring the CPU utilization of a private data centre machine every minute. The machine provides the aggregate of data every hour, such as Sum of data”, “Min value”, “Max value, and “Number of Data points”. The user wants to send these values to CloudWatch. How can the user achieve this?

100. 一个用户正在每分钟测量私有数据中心机器的CPU利用率。该机器每小时提供数据的汇总，如“数据总和”、“最小值”、“最大值”和“数据点数量”。用户想将这些值发送到CloudWatch。用户如何实现这一目标？

A. A. Send the data using the put-metric-data command with the average-values parameter
A. 使用put-metric-data命令和average-values参数发送数据

B. B. Send the data using the put-metric-data command with the aggregate-values parameter
B. 使用 put-metric-data 命令和 aggregate-values 参数发送数据

C. C. Send the data using the put-metric-data command with the statistic-values parameter

C. 使用带有 statistic-values 参数的 put-metric-data 命令发送数据

D. D. Send the data using the put-metric-data command with the aggregate –data parameter
D. 使用带有 aggregate –data 参数的 put-metric-data 命令发送数据

您的分数是

平均分为 0%

0%

评价表

匿名反馈

感谢评价

评论0

升级VIP

夜间模式

返回顶部

AWS SOA真题 No.1-100

Report a question

関連文章

真题AWS SOA真题 No.401-600

真题AWS SOA真题 No.201-400

真题AWS SOA真题 No.101-200

评论0

升级VIP

夜间模式

返回顶部